openSUSE Security Update : xen (openSUSE-2017-5)

High Nessus Plugin ID 96253

Synopsis

The remote openSUSE host is missing a security update.

Description

This updates xen to version 4.4.4_06 to fix the following issues :

- An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable. (boo#1016340, CVE-2016-10013)

- An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383)

- An unprivileged guest process could (unintentionally or maliciously) obtain or ocorrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)

- A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932)

- A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024)

- A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637)

- An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386)

- An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests.
Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382)

- A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385)

- A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests.
(boo#1009109, CVE-2016-9381)

- A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380)

- A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910)

- A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909)

- A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004 CVE-2016-8667)

- A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669)

- A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576)

- A privileged guest user could cause an infinite loop in the ColdFire Fash Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908)

- A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909)

- Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496)

- Also unplug SCSI disks in qemu-xen-traditional for upstream unplug protocol. Before a single SCSI storage devices added to HVM guests could appear multiple times in the guest. (boo#953518)

- Fix a kernel panic / black screen when trying to boot a XEN kernel on some UEFI firmwares (boo#1000195)

Solution

Update the affected xen packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1000106

https://bugzilla.opensuse.org/show_bug.cgi?id=1000195

https://bugzilla.opensuse.org/show_bug.cgi?id=1002496

https://bugzilla.opensuse.org/show_bug.cgi?id=1003030

https://bugzilla.opensuse.org/show_bug.cgi?id=1003032

https://bugzilla.opensuse.org/show_bug.cgi?id=1004016

https://bugzilla.opensuse.org/show_bug.cgi?id=1005004

https://bugzilla.opensuse.org/show_bug.cgi?id=1005005

https://bugzilla.opensuse.org/show_bug.cgi?id=1007157

https://bugzilla.opensuse.org/show_bug.cgi?id=1007160

https://bugzilla.opensuse.org/show_bug.cgi?id=1009100

https://bugzilla.opensuse.org/show_bug.cgi?id=1009103

https://bugzilla.opensuse.org/show_bug.cgi?id=1009104

https://bugzilla.opensuse.org/show_bug.cgi?id=1009107

https://bugzilla.opensuse.org/show_bug.cgi?id=1009109

https://bugzilla.opensuse.org/show_bug.cgi?id=1009111

https://bugzilla.opensuse.org/show_bug.cgi?id=1011652

https://bugzilla.opensuse.org/show_bug.cgi?id=1012651

https://bugzilla.opensuse.org/show_bug.cgi?id=1014298

https://bugzilla.opensuse.org/show_bug.cgi?id=1016340

https://bugzilla.opensuse.org/show_bug.cgi?id=953518

Plugin Details

Severity: High

ID: 96253

File Name: openSUSE-2017-5.nasl

Version: Revision: 3.7

Type: local

Agent: unix

Published: 2017/01/03

Updated: 2017/02/01

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/01/02

Reference Information

CVE: CVE-2016-10013, CVE-2016-10024, CVE-2016-7777, CVE-2016-7908, CVE-2016-7909, CVE-2016-8576, CVE-2016-8667, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386, CVE-2016-9637, CVE-2016-9932

IAVB: 2016-B-0149, 2017-B-0008